I understand that realtimesearches on splunk are very expensive and should be avoided. My question is an extension to what has been asked and answered to some extent in the thread below
http://a...
Per the real-timesearch documentation, you cannot use inputcsv in a real-timesearch. I'm looking to display real-time deviation from normality, where dynamically-generated CSVs are used to d...
...ase: The machine data, additional disorder reports by workers (implemented by tablets) and the knowledge about the working times (monday till friday, 5.30am till 10.30pm). Now I want to use the d...
Hi Folks;
Wondering what would be the impact of disabling real-timesearches for existing reports/dashboards? Of course when we set up Splunk, we never set the default to disable RTS. Now users a...
...f a number of saved searches. This means a user with only the 'user' role can access data reports, but is unable to see the underlying data.
One of the reports we want them to see is however a real-time...
I am trying to convert real-timesearches in the dashboard to scheduled real-timesearches to reduce performance overhead/tradeoff on indexer. I was looking to implement the suggestion in the b...
...plunk Enterprise > Search Manual > Expected performance and known limitations of real-timesearchesandreports
"Real-timesearch matches events that have arrived at the port but have not been p...
Hi guys.
I'm currently working to fix all "real-time" jobs running on my company and I came across one job that I can't find it's original parent.. It's running every 10/15 minutes and takes r...
Hello Splunk ninjas, We all know about scheduled reports configured to use a schedule window - when they run delayed, they still gather data for the time range that they would have covered i...